On Thu, Sep 02, 2010 at 08:48:47PM -0600, DRC wrote:
> On 9/2/10 9:50 AM, Adam Tkac wrote:
> > This type is, by default, disabled on the server. It must be enabled
> > via commandline parameter (-SecurityTypes). Client has it disabled as
> > well but if the user specifies he wants to use it (and server has Plain type
> > enabled) then it is used. If it is client's first sectype then it is
> > preferred over more "strong" mechanisms (TLS, for example).
>
> IMHO, the correct behavior should be that if the server enables this
> security type before other security types, then the client should use it
> unless the user specifically passes the -SecurityTypes parameter to the
> client to disable the type. IOW, I think the Plain type should be
> enabled by default on the client but not given priority. I agree that
> it should not be enabled on the server without an explicit override.

The client side honors the Security Type order of the server - code for
using the client side order was removed with "Remove unused
CConnection::setClientSecTypeOrder function" on Jul 20 2010.

Regards,
Martin Kögler
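
The two ordering policies discussed in this thread, as an added example that is not part of the original message and is not TigerVNC code. All function names are hypothetical, the security type lists are constructed samples, and treating names that start with "TLS" or "X509" as TLS-wrapped is an assumption of the sketch. The last function is a configuration check: it reports when server-order negotiation would settle on a non-TLS type although both sides also enable a TLS-wrapped one.

```cpp
#include <algorithm>
#include <iostream>
#include <string>
#include <vector>

using SecTypes = std::vector<std::string>;  // ordered, most preferred first

// Return the first entry of `ordered` that also appears in `other`, or "" if none.
// Hypothetical helper, not a TigerVNC function.
std::string firstCommon(const SecTypes& ordered, const SecTypes& other) {
    for (const auto& t : ordered)
        if (std::find(other.begin(), other.end(), t) != other.end())
            return t;
    return "";
}

// Server-order policy: the server's list decides priority.
std::string chooseServerOrder(const SecTypes& server, const SecTypes& client) {
    return firstCommon(server, client);
}

// Client-order policy: the client's list decides priority.
std::string chooseClientOrder(const SecTypes& server, const SecTypes& client) {
    return firstCommon(client, server);
}

// Assumption for this sketch: a name starting with "TLS" or "X509" is TLS-wrapped.
bool isTlsWrapped(const std::string& t) {
    return t.rfind("TLS", 0) == 0 || t.rfind("X509", 0) == 0;
}

// Audit check: true when server-order negotiation picks a non-TLS type
// although both sides also enable a TLS-wrapped one.
bool weakerThanAvailable(const SecTypes& server, const SecTypes& client) {
    std::string chosen = chooseServerOrder(server, client);
    if (chosen.empty() || isTlsWrapped(chosen)) return false;
    for (const auto& t : server)
        if (isTlsWrapped(t) && std::find(client.begin(), client.end(), t) != client.end())
            return true;
    return false;
}

int main() {
    SecTypes server = {"Plain", "TLSPlain"};   // constructed sample lists
    SecTypes client = {"TLSPlain", "Plain"};
    std::cout << "server order: " << chooseServerOrder(server, client) << "\n"
              << "client order: " << chooseClientOrder(server, client) << "\n"
              << "flagged: " << weakerThanAvailable(server, client) << "\n";
}
```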